sa 320(revised materiality in planning and … · part i : engagement and quality control standards...

Part I : Engagement and Quality Control Standards I.245

SA 320(REVISED) MATERIALITY IN PLANNING AND PERFORMING AN AUDIT (EFFECTIVE FOR ALL AUDITS RELATING TO ACCOUNTING PERIODS

BEGINNING ON OR AFTER APRIL 1, 2010) INTRODUCTION Scope of this SA 1. This Standard on Auditing (SA) deals with the auditor’s responsibility to apply the concept of materiality in planning and performing an audit of financial statements. SA 4501, explains how materiality is applied in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. Materiality in the Context of an Audit 2. Financial reporting frameworks often discuss the concept of materiality in the context of the preparation and presentation of financial statements. Although financial reporting frameworks may discuss materiality in different terms, they generally explain that: • Misstatements, including omissions, are considered to be material if they, individually or

in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements;

• Judgments about materiality are made in the light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both; and

• Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group.2 The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.

3. Such a discussion, if present in the applicable financial reporting framework, provides a frame of reference to the auditor in determining materiality for the audit. If the applicable financial reporting framework does not include a discussion of the concept of materiality, the characteristics referred to in paragraph 2 provide the auditor with such a frame of reference. 4. The auditor’s determination of materiality is a matter of professional judgment, and is affected by the auditor’s perception of the financial information needs of users of the financial

1 SA 450, “Evaluation of Misstatements Identified during the Audit”. 2 For example, paragraph 10 of the “Framework for the Preparation and Presentation of Financial Statements,” issued by the Institute of Chartered Accountants of India (ICAI) in July 2000, indicates for a profit-oriented entity that “as providers of risk capital to the enterprise, investor need more comprehensive information than other users. The provision of financial statements that meet their needs will also meet most of the needs of other users that financial statements can satisfy”.

© The Institute of Chartered Accountants of India

I.246 Auditing and Assurance

statements. In this context, it is reasonable for the auditor to assume that users: (a) Have a reasonable knowledge of business and economic activities and accounting and a

willingness to study the information in the financial statements with reasonable diligence; (b) Understand that financial statements are prepared, presented and audited to levels of

materiality; (c) Recognize the uncertainties inherent in the measurement of amounts based on the use

of estimates, judgment and the consideration of future events; and (d) Make reasonable economic decisions on the basis of the information in the financial

statements. 5. The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor’s report. (Ref: Para. A1) 6. In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material. These judgments provide a basis for: (a) Determining the nature, timing and extent of risk assessment procedures; (b) Identifying and assessing the risks of material misstatement; and (c) Determining the nature, timing and extent of further audit procedures. The materiality determined when planning the audit does not necessarily establish an amount below which uncorrected misstatements, individually or in aggregate, will always be evaluated as immaterial. The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below materiality. Although, it is not practicable to design audit procedures to detect misstatements that could be material solely because of their nature, the auditor considers not only the size but also the nature of uncorrected misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements.3 Effective Date 7. This SA is effective for audits of financial statements for periods beginning on or after April 1, 2010. Objective 8. The objective of the auditor is to apply the concept of materiality appropriately in planning and performing the audit. Definition 9. For purposes of the SAs, performance materiality means the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an

3 SA 450, paragraph A16.



appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures.

REQUIREMENTS Determining Materiality and Performance Materiality when Planning the Audit 10. When establishing the overall audit strategy, the auditor shall determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than the materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. (Ref: Para. A2-A11) 11. The auditor shall determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing and extent of further audit procedures. (Ref: Para. A12) Revision as the Audit Progresses 12. The auditor shall revise materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) in the event of becoming aware of information during the audit that would have caused the auditor to have determined a different amount (or amounts) initially. (Ref: Para. A13) 13. If the auditor concludes that a lower materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures) than that initially determined is appropriate, the auditor shall determine whether it is necessary to revise performance materiality, and whether the nature, timing and extent of the further audit procedures remain appropriate. Documentation 14. The audit documentation shall include the following amounts and the factors considered in their determination: (a) Materiality for the financial statements as a whole (see paragraph 10); (b) If applicable, the materiality level or levels for particular classes of transactions, account

balances or disclosures (see paragraph 10); (c) Performance materiality (see paragraph 11); and (d) Any revision of (a)-(c) as the audit progressed (see paragraphs 12-13).

* * *



Application and Other Explanatory Material Materiality and Audit Risk (Ref: Para. 5) A1. In conducting an audit of financial statements, the overall objectives of the auditor are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and to report on the financial statements, and communicate as required by the SAs, in accordance with the auditor’s findings.4 The auditor obtains reasonable assurance by obtaining sufficient appropriate audit evidence to reduce audit risk to an acceptably low level5. Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk6. Materiality and audit risk are considered throughout the audit, in particular, when: (a) Identifying and assessing the risks of material misstatement7; (b) Determining the nature, timing and extent of further audit procedures8; and (c) Evaluating the effect of uncorrected misstatements, if any, on the financial

statementsand in forming the opinion in the auditor’s report9. Determining Materiality and Performance Materiality when Planning the Audit (Ref: Para. 10)

4 Presently, SA 200, “Basic Principles Governing an Audit” and SA 200A, “Objective and Scope of an Audit of Financial Statements” correspond to International Standard on Auditing (ISA) 200 (Revised and Redrafted). Both the SAs are currently being revised in the light of the ISA 200 (Revised and Redrafted). Post revision, the principles covered by SA 200 (AAS 1) and SA 200A (AAS 2) will be merged into one Standard, i.e., SA 200. ISA 200 (Revised and Redrafted), paragraph 11 states as follows:

“In conducting an audit of financial statements, the overall objectives of the auditor are: (a) To obtain reasonable assurance about whether the financial statements as a whole are free from material

misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and

(b) To report on the financial statements, and communicate as required by the ISAs, in accordance with the auditor’s findings.”

5 ISA 200 (Revised and Redrafted), paragraph 17 states as follows: “To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.”

6 ISA 200 (Revised and Redrafted), paragraph 13(c) defines the Audit Risk as follows: “The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk”.

7 SA 315, “Identifying and Assessing the Risks of Material Misstatements Through Understanding the Entity and Its Environment”. 8 SA 330, “The Auditor’s Responses to Assessed Risks”. 9 Currently, SA 700 (AAS 28), “The Auditor’s Report on Financial Statements”, issued by ICAI in January 2003 is in force. The Auditing and Assurance Standards Board has issued an Exposure Draft of the Revised SA 700 corresponding to International Standard on Auditing (ISA) 700, “Forming an Opinion and Reporting on Financial Statements”. The said Exposure Draft has been published in the June, 2009 issue of the Journal and has also been hosted on ICAI’s website.



Use of Benchmarks in Determining Materiality for the Financial Statements as a Whole A2. Determining materiality involves the exercise of professional judgment. A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole. Factors that may affect the identification of an appropriate benchmark include the following:

• The elements of the financial statements (for example, assets, liabilities, equity, revenue, expenses);

• Whether there are items on which the attention of the users of the particular entity’s financial statements tends to be focused (for example, for the purpose of evaluating financial performance users may tend to focus on profit, revenue or net assets);

• The nature of the entity, where the entity is at in its life cycle, and the industry and economic environment in which the entity operates;

• The entity’s ownership structure and the way it is financed (for example, if an entity is financed solely by debt rather than equity, users may put more emphasis on assets, and claims on them, than on the entity’s earnings); and

• The relative volatility of the benchmark. A3. Examples of benchmarks that may be appropriate, depending on the circumstances of the entity, include categories of reported income such as profit before tax, total revenue, gross profit and total expenses, total equity or net asset value. Profit before tax from continuing operations is often used for profit-oriented entities. When profit before tax from continuing operations is volatile, other benchmarks may be more appropriate, such as gross profit or total revenues. A4. In relation to the chosen benchmark, relevant financial data ordinarily includes prior periods’ financial results and financial positions, the period-to-date financial results and financial position, and budgets or forecasts for the current period, adjusted for significant changes in the circumstances of the entity (for example, a significant business acquisition) and relevant changes of conditions in the industry or economic environment in which the entity operates. For example, when, as a starting point, the materiality for the financial statements as a whole is determined for a particular entity based on a percentage of profit before tax from continuing operations, circumstances that give rise to an exceptional decrease or increase in such profit may lead the auditor to conclude that the materiality for the financial statements as a whole is more appropriately determined using a normalized profit before tax from continuing operations figure based on past results. A5. Materiality relates to the financial statements on which the auditor is reporting. Where the financial statements are prepared for a financial reporting period of more or less than twelve months, such as may be the case for a new entity or a change in the financial reporting period, materiality relates to the financial statements prepared for that financial reporting period. A6. Determining a percentage to be applied to a chosen benchmark involves the exercise of professional judgment. There is a relationship between the percentage and the chosen



benchmark, such that a percentage applied to profit before tax from continuing operations will normally be higher than a percentage applied to total revenue. For example, the auditor may consider five percent of profit before tax from continuing operations to be appropriate for a profit oriented entity in a manufacturing industry, while the auditor may consider one percent of total revenue or total expenses to be appropriate for a not-for-profit entity. Higher or lower percentages, however, may be deemed appropriate in different circumstances. Considerations Specific to Small Entities A7. When an entity’s profit before tax from continuing operations is consistently nominal, as might be the case for an owner-managed business where the owner takes much of the profit before tax in the form of remuneration, a benchmark such as profit before remuneration and tax may be more relevant. A8. In the case of certain entities, such as, Central/State governments and related government entities (for example, agencies, boards, commissions), legislators and regulators are often the primary users of its financial statements. Furthermore, the financial statements may be used to make decisions other than economic decisions. The determination of materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures) in an audit of the financial statements of those entities may therefore be influenced by legislative and regulatory requirements, and by the financial information needs of legislators and the public in relation to public utility programs/projects, such as, Accelerated Irrigation Benefit Programme (AIBP), Pradhan Mantri Gram Sadak Yojana (PMGSY) undertaken by the Central/State governments or related government entities . A9. In an audit of the entities doing public utility programs/projects, total cost or net cost (expenses less revenues or expenditure less receipts) may be appropriate benchmarks for that particular program/project activity. Where an entity has custody of the assets, assets may be an appropriate benchmark. Materiality Level or Levels for Particular Classes of Transactions, Account Balances or Disclosures (Ref: Para. 10) A10. Factors that may indicate the existence of one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements include the following:

• Whether law, regulations or the applicable financial reporting framework affect users’ expectations regarding the measurement or disclosure of certain items (for example, related party transactions, and the remuneration of management and those charged with governance).

• The key disclosures in relation to the industry in which the entity operates (for example, research and development costs for a pharmaceutical company).



• Whether attention is focused on a particular aspect of the entity’s business that is separately disclosed in the financial statements (for example, a newly acquired business).

A11. In considering whether, in the specific circumstances of the entity, such classes of transactions, account balances or disclosures exist, the auditor may find it useful to obtain an understanding of the views and expectations of those charged with governance and management. Performance Materiality (Ref: Para. 11) A12. Planning the audit solely to detect individually material misstatements overlooks the fact that the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated, and leaves no margin for possible undetected misstatements. Performance materiality (which, as defined, is one or more amounts) is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole. Similarly, performance materiality relating to a materiality level determined for a particular class of transactions, account balance or disclosure is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in that particular class of transactions, account balance or disclosure exceeds the materiality level for that particular class of transactions, account balance or disclosure. The determination of performance materiality is not a simple mechanical calculation and involves the exercise of professional judgment. It is affected by the auditor’s understanding of the entity, updated during the performance of the risk assessment procedures; and the nature and extent of misstatements identified in previous audits and thereby the auditor’s expectations in relation to misstatements in the current period. Revision as the Audit Progresses (Ref: Para. 12) A13. Materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) may need to be revised as a result of a change in circumstances that occurred during the audit (for example, a decision to dispose of a major part of the entity’s business), new information, or a change in the auditor’s understanding of the entity and its operations as a result of performing further audit procedures. For example, if during the audit it appears as though actual financial results are likely to be substantially different from the anticipated period end financial results that were used initially to determine materiality for the financial statements as a whole, the auditor revises that materiality.

MATERIAL MODIFICATIONS TO ISA 320, “MATERIALITY IN PLANNING AND PERFORMING AN AUDIT” Deletions 1. Paragraph A2 of ISA 320 dealt with the determination of materiality for the financial statements as a whole or for particular assertion in an audit of financial statements of a public



sector entity, which is influenced by legislative and regulatory requirements, and by the financial information needs of legislators and the public in relation to public sector programs. Since as mentioned in the “Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services”, the Standards issued by the Auditing and Assurance Standards Board, apply equally to all entities, irrespective of their form, nature and size, a specific reference to applicability of the Standard to public sector entities has been deleted. Further, it is also possible that such a specific situation may exist in case of Central/State governments or related government entities, or programs/projects launched by them, pursuant to a requirement under the statute or regulation under which they operate. Accordingly, the spirit of erstwhile A2, highlighting such fact, has been retained and the paragraph has been re-numbered as A8. 2. Paragraph A9 of ISA 320 states that in an audit of the public sector entities, total cost or net cost (expenses less revenues or expenditure less receipts) may be appropriate benchmarks for program/project activities. Where a public sector entity has custody of assets, assets may be an appropriate benchmark. Since as mentioned in the “Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services”, the Standards issued by the Auditing and Assurance Standards Board, apply equally to all entities, irrespective of their form, nature and size, a specific reference to applicability of the Standard to public sector entities has been deleted. Further, it is also possible that such a specific situation may exist in case of Central/State governments or related government entities, or programs/projects launched by them, pursuant to a requirement under the statute or regulation under which they operate. Accordingly, the spirit of erstwhile A9, highlighting such fact, has been retained Limited Revision Consequential to issuance of the Standard on Auditing (SA) 320 (Revised), “Materiality in Planning and Performing an Audit” The amendments to the following Standards on Auditing (SAs) have been shown in track change mode. SA 230 (Revised), “Audit Documentation” A17. ….Examples of matters that may be documented together in the audit of a smaller entity include the understanding of the entity and its internal control, the overall audit strategy and audit plan, materiality determined in accordance with SA 320(Revised)10, assessed risks, significant matters noted during the audit, and conclusions reached. SA 260 (Revised), “Communication with Those Charged with Governance” A15. Communication regarding the planned scope and timing of the audit may: (a) Assist those charged with governance to understand better the consequences of the

auditor’s work, to discuss issues of risk and the concept of materiality with the auditor,

10 SA 320 (Revised), “Materiality in Planning and Performing an Audit”.



and to identify any areas in which they may request the auditor to undertake additional procedures …

A17. Matters communicated may include:

• The application of the concept of materiality in the context of an audit. SA 300 (Revised), “Planning an Audit of Financial Statements”

Appendix Considerations in Establishing the Overall Audit Strategy

Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other Engagements

• The determination of materiality in accordance with SA 320 (Revised),11 and, where applicable:

♦ Determination of materiality for components and communication thereof to component auditors.

♦ Preliminary identification of significant components and material classes of transactions, account balances and disclosures.

SA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”

A1. The understanding establishes a frame of reference within which the auditor plans to audit and exercise professional judgment throughout the audit, for example, when:

SA 330 THE AUDITOR’S RESPONSES TO ASSESSED RISKS

(EFFECTIVE FOR AUDITS OF FINANCIAL STATEMENTS FOR PERIODS BEGINNING ON OR AFTER APRIL 1, 2008)

INTRODUCTION Scope of this SA 1. This Standard on Auditing (SA) deals with the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with SA 315, “Identifying and Assessing Risks of Material Misstatement Through Understanding the Entity and Its Environment” in a financial statement audit.

11 SA 320 (Revised), “Materiality in Planning and Performing an Audit”.



Effective Date 2. This SA is effective for audits of financial statements for periods beginning on or after April 1, 2008. Objective 3. The objective of the auditor is to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks. Definitions 4. For purposes of the SAs, the following terms have the meanings attributed below: (a) Substantive procedure – An audit procedure designed to detect material misstatements

at the assertion level. Substantive procedures comprise: (i) Tests of details (of classes of transactions, account balances, and disclosures), and (ii) Substantive analytical procedures.

(b) Test of controls – An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.

Requirements Overall Responses 5. The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. (Ref: Para. A1-A3) Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level 6. The auditor shall design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. (Ref: Para. A4-A8) 7. In designing the further audit procedures to be performed, the auditor shall: (a) Consider the reasons for the assessment given to the risk of material misstatement at the

assertion level for each class of transactions, account balance, and disclosure, including: (i) The likelihood of material misstatement due to the particular characteristics of the

relevant class of transactions, account balance, or disclosure (i.e., the inherent risk); and

(ii) Whether the risk assessment takes into account the relevant controls (i.e., the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (i.e., the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); and (Ref: Para. A9-A18)



(b) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk. (Ref: Para. A19)

Tests of Controls 8. The auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls when: (a) The auditor’s assessment of risks of material misstatement at the assertion level includes

an expectation that the controls are operating effectively (i.e., the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); or

(b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level. (Ref: Para. A20-A24)

9. In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control. (Ref: Para. A25) Nature and Extent of Tests of Controls 10. In designing and performing tests of controls, the auditor shall: (a) Perform other audit procedures in combination with inquiry to obtain audit evidence about

the operating effectiveness of the controls, including: (i) How the controls were applied at relevant times during the period under audit. (ii) The consistency with which they were applied. (iii) By whom or by what means they were applied. (Ref: Para. A26-A29)

(b) Determine whether the controls to be tested depend upon other controls (indirect controls), and if so, whether it is necessary to obtain audit evidence supporting the effective operation of those indirect controls. (Ref: Para. A30-A31)

Timing of Tests of Controls 11. The auditor shall test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls, subject to paragraphs 12 and 15 below, in order to provide an appropriate basis for the auditor’s intended reliance. (Ref: Para. A32) Using audit evidence obtained during an interim period 12. When the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor shall: (a) Obtain audit evidence about significant changes to those controls subsequent to the

interim period; and (b) Determine the additional audit evidence to be obtained for the remaining period. (Ref:

Para. A33-A34)



Using audit evidence obtained in previous audits 13. In determining whether it is appropriate to use audit evidence about the operating effectiveness of controls obtained in previous audits, and, if so, the length of the time period that may elapse before retesting a control, the auditor shall consider the following: (a) The effectiveness of other elements of internal control, including the control environment,

the entity’s monitoring of controls, and the entity’s risk assessment process; (b) The risks arising from the characteristics of the control, including whether it is manual or

automated; (c) The effectiveness of general IT-controls; (d) The effectiveness of the control and its application by the entity, including the nature and

extent of deviations in the application of the control noted in previous audits, and whether there have been personnel changes that significantly affect the application of the control;

(e) Whether the lack of a change in a particular control poses a risk due to changing circumstances; and

(f) The risks of material misstatement and the extent of reliance on the control. (Ref: Para. A35) 14. If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor shall establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to the previous audit. The auditor shall obtain this evidence by performing inquiry combined with observation or inspection, to confirm the understanding of those specific controls, and: (a) If there have been changes that affect the continuing relevance of the audit evidence from the

previous audit, the auditor shall test the controls in the current audit. (Ref: Para. A36) (b) If there have not been such changes, the auditor shall test the controls at least once in

every third audit, and shall test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods. (Ref: Para. A37-A39)

Controls over significant risks 15. When the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor shall test those controls in the current period. Evaluating the Operating Effectiveness of Controls 16. When evaluating the operating effectiveness of relevant controls, the auditor shall evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not provide audit evidence that controls related to the assertion being tested are effective. (Ref: Para. A40) 17. When deviations from controls upon which the auditor intends to rely are detected, the auditor shall make specific inquiries to understand these matters and their potential consequences, and shall determine whether:



(a) The tests of controls that have been performed provide an appropriate basis for reliance on the controls;

(b) Additional tests of controls are necessary; or (c) The potential risks of misstatement need to be addressed using substantive procedures.

(Ref: Para. A41)1 Substantive Procedures 20. Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure. (Ref: Para. A42-A47) Substantive Procedures Related to the Financial Statement Closing Process 21. The auditor’s substantive procedures shall include the following audit procedures related to the financial statement closing process: (a) Agreeing or reconciling the financial statements with the underlying accounting records; and (b) Examining material journal entries and other adjustments made during the course of

preparing the financial statements. (Ref: Para. A48) Substantive Procedures Responsive to Significant Risks 22. When the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor shall perform substantive procedures that are specifically responsive to that risk. When the approach to a significant risk consists only of substantive procedures, those procedures shall include tests of details. (Ref: Para. A49) Timing of Substantive Procedures (Ref: Para.A50) 23. When substantive procedures are performed at an interim date, the auditor shall cover the remaining period by performing: (a) substantive procedures, combined with tests of controls for the intervening period; or (b) if the auditor determines that it is sufficient, further substantive procedures only; that provide a reasonable basis for extending the audit conclusions from the interim date to the period end. (Ref: Para. A51-A53) 24. If misstatements that the auditor did not expect when assessing the risks of material misstatement are detected at an interim date, the auditor shall evaluate whether the related assessment of risk and the planned nature, timing, or extent of substantive procedures covering the remaining period need to be modified. (Ref: Para. A54) Adequacy of Presentation and Disclosure 25. The auditor shall perform audit procedures to evaluate whether the overall presentation 1 The paragraphs 18 and 19 have been deleted pursuant to the issuance of Standard on Auditing (SA) 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, which is effective for all audits of financial statements for periods beginning on or after April 1, 2010.



of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework. (Ref: Para. A55) Evaluating the Sufficiency and Appropriateness of Audit Evidence 26. Based on the audit procedures performed and the audit evidence obtained, the auditor shall evaluate before the conclusion of the audit whether the assessments of the risks of material misstatement at the assertion level remain appropriate. (Ref: Para. A56-A57) 27. The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements. (Ref: Para. A58) 28. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or a disclaimer of opinion. Documentation 29. The auditor shall document: (a) The overall responses to address the assessed risks of material misstatement at the financial

statement level, and the nature, timing and extent of the further audit procedures performed; (b) The linkage of those procedures with the assessed risks at the assertion level; and (c) The results of the audit procedures, including the conclusions where these are not

otherwise clear. (Ref: Para. A59) 30. If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in previous audits, the auditor shall document the conclusions reached about relying on such controls that were tested in a previous audit. 31. The auditors’ documentation shall demonstrate that the financial statements agree or reconcile with the underlying accounting records. Application and Other Explanatory Material Overall Responses (Ref: Para. 5) A1. Overall responses to address the assessed risks of material misstatement at the financial statement level may include: • Emphasizing to the audit team the need to maintain professional skepticism. • Assigning more experienced staff or those with special skills or using experts. • Providing more supervision. • Incorporating additional elements of unpredictability in the selection of further audit

procedures to be performed. • Making general changes to the nature, timing or extent of audit procedures, for example:

performing substantive procedures at the period end instead of at an interim date; or modifying the nature of audit procedures to obtain more persuasive audit evidence.



A2. The assessment of the risks of material misstatement at the financial statement level, and thereby the auditor’s overall responses, is affected by the auditor’s understanding of the control environment. An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct some audit procedures at an interim date rather than at the period end. Deficiencies in the control environment, however, have the opposite effect; for example, the auditor may respond to an ineffective control environment by: • Conducting more audit procedures as of the period end rather than at an interim date. • Obtaining more extensive audit evidence from substantive procedures. • Increasing the number of locations to be included in the audit scope.2 A3. Such considerations, therefore, have a significant bearing on the auditor’s general approach, for example, an emphasis on substantive procedures (substantive approach), or an approach that uses tests of controls as well as substantive procedures (combined approach). Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level The Nature, Timing and Extent of Further Audit Procedures (Ref: Para. 6) A4. The auditor’s assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. For example, (as appropriate and notwithstanding the requirements of this SA)3, the auditor may determine that: (a) Only by performing tests of controls may the auditor achieve an effective response to the

assessed risk of material misstatement for a particular assertion; (b) Performing only substantive procedures is appropriate for particular assertions and,

therefore, the auditor excludes the effect of controls from the relevant risk assessment. This may be because the auditor’s risk assessment procedures have not identified any effective controls relevant to the assertion, or because testing controls would be inefficient and therefore the auditor does not intend to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures; or

(c) A combined approach using both tests of controls and substantive procedures is an effective approach.

A5. The nature of an audit procedure refers to its purpose (i.e., test of controls or substantive procedure) and its type (i.e., inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedure). The nature of the audit procedures is of most importance in responding to the assessed risks.

2 These changes have been made pursuant to the issuance of Standard on Auditing (SA) 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, which is effective for all audits of financial statements for periods beginning on or after April 1, 2010. 3 For example, as required by paragraph 20, irrespective of the approach selected, the auditor designs and performs

substantive procedures for each significant class of transactions, account balance, and disclosure.



A6. Timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies. A7. Extent of an audit procedure refers to the quantity to be performed, for example, a sample size or the number of observations of a control activity. A8. Designing and performing further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level provides a clear linkage between the auditors’ further audit procedures and the risk assessment. Responding to the Assessed Risks at the Assertion Level (Ref: Para. 7(a)) Nature A9. The auditor’s assessed risks may affect both the types of audit procedures to be performed and their combination. For example, when an assessed risk is high, the auditor may confirm the completeness of the terms of a contract with the counterparty, in addition to inspecting the document. Further, certain audit procedures may be more appropriate for some assertions than others. For example, in relation to revenue, tests of controls may be most responsive to the assessed risk of misstatement of the completeness assertion, whereas substantive procedures may be most responsive to the assessed risk of misstatement of the occurrence assertion. A10. The reasons for the assessment given to a risk are relevant in determining the nature of audit procedures. For example, if an assessed risk is lower because of the particular characteristics of a class of transactions without consideration of the related controls, then the auditor may determine that substantive analytical procedures alone provide sufficient appropriate audit evidence. On the other hand, if the assessed risk is lower because of internal controls, and the auditor intends to base the substantive procedures on that low assessment, then the auditor performs tests of those controls, as required by paragraph 8(a). This may be the case, for example, for a class of transactions of reasonably uniform, non-complex characteristics that are routinely processed and controlled by the entity’s information system. Timing A11. The auditor may perform tests of controls or substantive procedures at an interim date or at the period end. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to, or at, the period end rather than at an earlier date, or to perform audit procedures unannounced or at unpredictable times (for example, performing audit procedures at selected locations on an unannounced basis). This is particularly relevant when considering the response to the risks of fraud. For example, the auditor may conclude that, when the risks of intentional misstatement or manipulation have been identified, audit procedures to extend audit conclusions from interim date to the period end would not be effective. A12. On the other hand, performing audit procedures before the period end may assist the auditor in identifying significant matters at an early stage of the audit, and consequently resolving them with the assistance of management or developing an effective audit approach to address such matters.



A13. In addition, certain audit procedures can be performed only at or after the period end, for example: • Agreeing the financial statements to the accounting records; • Examining adjustments made during the course of preparing the financial statements; and • Procedures to respond to a risk that, at the period end, the entity may have entered into

improper sales contracts, or transactions may not have been finalised. A14. Further relevant factors that influence the auditor’s consideration of when to perform audit procedures include the following: • The control environment. • When relevant information is available (for example, electronic files may subsequently be

overwritten, or procedures to be observed may occur only at certain times). • The nature of the risk (for example, if there is a risk of inflated revenues to meet earnings

expectations by subsequent creation of false sales agreements, the auditor may wish to examine contracts available on the date of the period end).

• The period or date to which the audit evidence relates. • Extent A15. The extent of an audit procedure judged necessary is determined after considering the materiality, the assessed risk, and the degree of assurance the auditor plans to obtain. When a single purpose is met by a combination of procedures, the extent of each procedure is considered separately. In general, the extent of audit procedures increases as the risk of material misstatement increases. For example, in response to the assessed risk of material misstatement due to fraud, increasing sample sizes or performing substantive analytical procedures at a more detailed level may be appropriate. However, increasing the extent of an audit procedure is effective only if the audit procedure itself is relevant to the specific risk. A16. The use of computer-assisted audit techniques (CAATs) may enable more extensive testing of electronic transactions and account files, which may be useful when the auditor decides to modify the extent of testing, for example, in responding to the risks of material misstatement due to fraud. Such techniques can be used to select sample transactions from key electronic files, to sort transactions with specific characteristics, or to test an entire population instead of a sample. A17. In certain circumstances, the audit mandate and any other special auditing requirements may affect the auditor’s consideration of the nature, timing and extent of further audit procedures. Considerations specific to smaller entities A18. In the case of very small entities, there may not be many control activities that could be identified by the auditor, or the extent to which their existence or operation have been documented by the entity may be limited. In such cases, it may be more efficient for the auditor to perform further audit procedures that are primarily substantive procedures. In some rare cases, however, the absence of control activities or of other components of control may make it impossible to obtain sufficient appropriate audit evidence.



Higher Assessments of Risk (Ref: Para 7(b)) A19. When obtaining more persuasive audit evidence because of a higher assessment of risk, the auditor may increase the quantity of the evidence, or obtain evidence that is more relevant or reliable, e.g., by placing more emphasis on obtaining third party evidence or by obtaining corroborating evidence from a number of independent sources. Tests of Controls Designing and Performing Tests of Controls (Ref: Para. 8) A20. Tests of controls are performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. If substantially different controls were used at different times during the period under audit, each is considered separately. A21. Testing the operating effectiveness of controls is different from obtaining an understanding of and evaluating the design and implementation of controls. However, the same types of audit procedures are used. The auditor may, therefore, decide it is efficient to test the operating effectiveness of controls at the same time as evaluating their design and determining that they have been implemented. A22. Further, although some risk assessment procedures may not have been specifically designed as tests of controls, they may nevertheless provide audit evidence about the operating effectiveness of the controls and, consequently, serve as tests of controls. For example, the auditor’s risk assessment procedures may have included: • Inquiring about management’s use of budgets. • Observing management’s comparison of monthly budgeted and actual expenses. • Inspecting reports pertaining to the investigation of variances between budgeted and

actual amounts. These audit procedures provide knowledge about the design of the entity’s budgeting policies and whether they have been implemented, but may also provide audit evidence about the effectiveness of the operation of budgeting policies in preventing or detecting material misstatements in the classification of expenses. A23. In addition, the auditor may design a test of controls to be performed concurrently with a test of details on the same transaction. Although the purpose of a test of controls is different from the purpose of a test of details, both may be accomplished concurrently by performing a test of controls and a test of details on the same transaction, also known as a dual-purpose test. For example, the auditor may design, and evaluate the results of, a test to examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a transaction. A dual-purpose test is designed and evaluated by considering each purpose of the test separately. A24. In some cases, as discussed in SA 315, the auditor may find it impossible to design effective substantive procedures that by themselves provide sufficient appropriate audit evidence at the assertion level. This may occur when an entity conducts its business using IT and no



documentation of transactions is produced or maintained, other than through the IT system. In such cases, paragraph 8(b) requires the auditor to perform tests of relevant controls. Audit Evidence and Intended Reliance (Ref: Para. 9) A25. A higher level of assurance may be sought about the operating effectiveness of controls when the approach adopted consists primarily of tests of controls, in particular where it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. Nature and Extent of Tests of Controls Other audit procedures in combination with inquiry (Ref: Para. 10(a)) A26. Inquiry alone is not sufficient to test the operating effectiveness of controls. Accordingly, other audit procedures are performed in combination with inquiry. In this regard, inquiry combined with inspection or reperformance may provide more assurance than inquiry and observation, since an observation is pertinent only at the point in time at which it is made. A27. The nature of the particular control influences the type of procedure required to obtain audit evidence about whether the control was operating effectively. For example, if operating effectiveness is evidenced by documentation, the auditor may decide to inspect it to obtain audit evidence about operating effectiveness. For other controls, however, documentation may not be available or relevant. For example, documentation of operation may not exist for some factors in the control environment, such as assignment of authority and responsibility, or for some types of control activities, such as control activities performed by a computer. In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit procedures such as observation or the use of CAATs. Extent of tests of controls A28. When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following: • The frequency of the performance of the control by the entity during the period. • The length of time during the audit period that the auditor is relying on the operating

effectiveness of the control. • The expected rate of deviation from a control. • The relevance and reliability of the audit evidence to be obtained regarding the operating

effectiveness of the control at the assertion level. • The extent to which audit evidence is obtained from tests of other controls related to the

assertion. SA 530 (Revised)4, “Audit Sampling” contains further guidance on the extent of testing.

4 SA 530 (Revised), “Audit Sampling”.



A29. Because of the inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an automated control. An automated control can be expected to function consistently unless the program (including the tables, files, or other permanent data used by the program) is changed. Once the auditor determines that an automated control is functioning as intended (which could be done at the time the control is initially implemented or at some other date), the auditor may consider performing tests to determine that the control continues to function effectively. Such tests might include determining that: • Changes to the program are not made without being subject to the appropriate program

change controls; • The authorised version of the program is used for processing transactions; and • Other relevant general controls are effective. Such tests also might include determining that changes to the programs have not been made, as may be the case when the entity uses packaged software applications without modifying or maintaining them. For example, the auditor may inspect the record of the administration of IT security to obtain audit evidence that unauthorised access has not occurred during the period. Testing of indirect controls (Ref: Para. 10(b)) A30. In some circumstances, it may be necessary to obtain audit evidence supporting the effective operation of indirect controls. For example, when the auditor decides to test the effectiveness of a user review of exception reports detailing sales in excess of authorized credit limits, the user review and related follow up is the control that is directly of relevance to the auditor. Controls over the accuracy of the information in the reports (for example, the general IT-controls) are described as “indirect” controls. A31. Because of the inherent consistency of IT processing, audit evidence about the implementation of an automated application control, when considered in combination with audit evidence about the operating effectiveness of the entity’s general controls (in particular, change controls), may also provide substantial audit evidence about its operating effectiveness. Timing of Tests of Controls Intended period of reliance (Ref: Para. 11) A32. Audit evidence pertaining only to a point in time may be sufficient for the auditor’s purpose, for example, when testing controls over the entity’s physical inventory counting at the period end. If, on the other hand, the auditor intends to rely on a control over a period, tests that are capable of providing audit evidence that the control operated effectively at relevant times during that period are appropriate. Such tests may include tests of the entity’s monitoring of controls. Using audit evidence obtained during an interim period (Ref: Para. 12) A33. Relevant factors in determining what additional audit evidence to obtain about controls that were operating during the period remaining after an interim period, include: • The significance of the assessed risks of material misstatement at the assertion level. • The specific controls that were tested during the interim period, and significant changes



to them since they were tested, including changes in the information system, processes, and personnel.

• The degree to which audit evidence about the operating effectiveness of those controls was obtained.

• The length of the remaining period. • The extent to which the auditor intends to reduce further substantive procedures based

on the reliance of controls. • The control environment. A34. Additional audit evidence may be obtained, for example, by extending tests of controls over the remaining period or testing the entity’s monitoring of controls. Using audit evidence obtained in previous audits (Ref: Para. 13) A35. In certain circumstances, audit evidence obtained from previous audits may provide audit evidence where the auditor performs audit procedures to establish its continuing relevance. For example, in performing a previous audit, the auditor may have determined that an automated control was functioning as intended. The auditor may obtain audit evidence to determine whether changes to the automated control have been made that affect its continued effective functioning through, for example, inquiries of management and the inspection of logs to indicate what controls have been changed. Consideration of audit evidence about these changes may support either increasing or decreasing the expected audit evidence to be obtained in the current period about the operating effectiveness of the controls. Controls that have changed from previous audits (Ref: Para. 14(a)) A36. Changes may affect the relevance of the audit evidence obtained in previous audits such that there may no longer be a basis for continued reliance. For example, changes in a system that enable an entity to receive a new report from the system probably do not affect the relevance of audit evidence from a previous audit; however, a change that causes data to be accumulated or calculated differently does affect it. Controls that have not changed from previous audits (Ref: Para. 14(b)) A37. The auditor’s decision on whether to rely on audit evidence obtained in previous audits for controls that: (a) Have not changed since they were last tested; and (b) Are not controls that mitigate a significant risk; is a matter of professional judgment. In addition, the length of time between retesting such controls is also a matter of professional judgment, but is required by paragraph 14 (b) to be at least once in every third year. A38. In general, the higher the risk of material misstatement, or the greater the reliance on controls, the shorter the time period elapsed, if any, is likely to be. Factors that may decrease the period for retesting a control, or result in not relying on audit evidence obtained in previous audits at all, include the following:



• A deficient control environment. • Deficient monitoring of controls. • A significant manual element to the relevant controls. • Personnel changes that significantly affect the application of the control. • Changing circumstances that indicate the need for changes in the control. • Deficient general IT-controls.5 A39. When there are a number of controls for which the auditor intends to rely on audit evidence obtained in previous audits, testing some of those controls in each audit provides corroborating information about the continuing effectiveness of the control environment. This contributes to the auditor’s decision about whether it is appropriate to rely on audit evidence obtained in previous audits. Evaluating the Operating Effectiveness of Controls (Ref: Para. 16 -19) A40. A material misstatement detected by the auditor’s procedures is a strong indicator of the existence of a significant deficiency in internal control.6 A41. The concept of effectiveness of the operation of controls recognises that some deviations in the way controls are applied by the entity may occur. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error. The detected rate of deviation, in particular in comparison with the expected rate, may indicate that the control cannot be relied on to reduce risk at the assertion level to that assessed by the auditor. Substantive Procedures (Ref: Para. 20) A42. Paragraph 20 requires the auditor to design and perform substantive procedures for each material class of transactions, account balance, and disclosure, irrespective of the assessed risks of material misstatement. This requirement reflects the facts that: (i) the auditor’s assessment of risk is judgmental and so may not identify all risks of material misstatement; and (ii) there are inherent limitations to internal control, including management override. Nature and Extent of Substantive Procedures A43. Depending on the circumstances, the auditor may determine that: • Performing only substantive analytical procedures will be sufficient to reduce audit risk to

an acceptably low level. For example, where the auditor’s assessment of risk is supported by audit evidence from tests of controls.

• Only tests of details are appropriate. • A combination of substantive analytical procedures and tests of details are most

responsive to the assessed risks. 5 These changes have been made pursuant to the issuance of Standard on Auditing (SA) 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, which is effective for all audits of financial statements for periods beginning on or after April 1, 2010. 6 These changes have been made pursuant to the issuance of Standard on Auditing (SA) 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, which is effective for all audits of financial statements for periods beginning on or after April 1, 2010.



A44. Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be predictable over time. SA 5207, “Analytical Procedures” establishes requirements and provides guidance on the application of analytical procedures during an audit. A45. The nature of the risk and assertion is relevant to the design of tests of details. For example, tests of details related to the existence or occurrence assertion may involve selecting from items contained in a financial statement amount and obtaining the relevant audit evidence. On the other hand, tests of details related to the completeness assertion may involve selecting from items that are expected to be included in the relevant financial statement amount and investigating whether they are included. A46. Because the assessment of the risk of material misstatement takes account of internal control, the extent of substantive procedures may need to be increased when the results from tests of controls are unsatisfactory. However, increasing the extent of an audit procedure is appropriate only if the audit procedure itself is relevant to the specific risk. A47. In designing tests of details, the extent of testing is ordinarily thought of in terms of the sample size. However, other matters are also relevant, including whether it is more effective to use other selective means of testing. See SA 530 for additional guidance. Substantive Procedures Related to the Financial Statement Closing Process (Ref: Para. 21(b)) A48. The nature, and also the extent, of the auditor’s examination of journal entries and other adjustments depends on the nature and complexity of the entity’s financial reporting process and the related risks of material misstatement. Substantive Procedures Responsive to Significant Risks (Ref: Para. 22) A49. Paragraph 22 of this SA requires the auditor to perform substantive procedures that are specifically responsive to risks the auditor has determined to be significant risks. For example, if the auditor identifies that management is under pressure to meet earnings expectations, there may be a risk that management is inflating sales by improperly recognising revenue related to sales agreements with terms that preclude revenue recognition or by invoicing sales before shipment. In these circumstances, the auditor may, for example, design external confirmations not only to confirm outstanding amounts, but also to confirm the details of the sales agreements, including date, any rights of return and delivery terms. In addition, the auditor may find it effective to supplement such external confirmations with inquiries of non-financial personnel in the entity regarding any changes in sales agreements and delivery terms. Substantive procedures related to significant risks are most often designed to obtain audit evidence with high reliability. Timing of Substantive Procedures (Ref: Para. 23-24) A50. In most cases, audit evidence from a previous audit’s substantive procedures provides little

7 Currently SA 520 (AAS 14), “Analytical Procedures” is in force. The Standard is being revised in the light of the

corresponding International Standard.



or no audit evidence for the current period. There are, however, exceptions, e.g., a legal opinion obtained in a previous audit related to the structure of a securitisation to which no changes have occurred, may be relevant in the current period. In such cases, it may be appropriate to use audit evidence from a previous audit’s substantive procedures if that evidence and the related subject matter have not fundamentally changed, and audit procedures have been performed during the current period to establish its continuing relevance. Using audit evidence obtained during an interim period (Ref: Para. 23) A51. In some circumstances, the auditor may determine that it is effective to perform substantive procedures at an interim date, and to compare and reconcile information concerning the balance at the period end with the comparable information at the interim date to: (a) Identify amounts that appear unusual; (b) Investigate any such amounts; and (c) Perform substantive analytical procedures or tests of details to test the intervening period. A52. Performing substantive procedures at an interim date without undertaking additional procedures at a later date increases the risk that the auditor will not detect misstatements that may exist at the period end. This risk increases as the remaining period is lengthened. Factors such as the following may influence whether to perform substantive procedures at an interim date: • The control environment and other relevant controls. • The availability at a later date of information necessary for the auditor’s procedures. • The purpose of the substantive procedure. • The assessed risk of material misstatement. • The nature of the class of transactions or account balance and related assertions. • The ability of the auditor to perform appropriate substantive procedures or substantive

procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that may exist at the period end will not be detected.

A53. Factors such as the following may influence whether to perform substantive analytical procedures with respect to the period between the interim date and the period end: • Whether the period end balances of the particular classes of transactions or account

balances are reasonably predictable with respect to amount, relative significance, and composition.

• Whether the entity’s procedures for analysing and adjusting such classes of transactions or account balances at interim dates and for establishing proper accounting cutoffs are appropriate.

• Whether the information system relevant to financial reporting will provide information concerning the balances at the period end and the transactions in the remaining period that is sufficient to permit investigation of: (a) Significant unusual transactions or entries (including those at or near the period end); (b) Other causes of significant fluctuations, or expected fluctuations that did not occur; and



(c) Changes in the composition of the classes of transactions or account balances. Misstatements detected at an interim date (Ref: Para. 24) A54. When the auditor concludes that the planned nature, timing or extent of substantive procedures covering the remaining period need to be modified as a result of unexpected misstatements detected at an interim date, such modification may include extending or repeating the procedures performed at the interim date at the period end. Adequacy of Presentation and Disclosure (Ref: Para. 25) A55. Evaluating the overall presentation of the financial statements, including the related disclosures, relates to whether the individual financial statements are presented in a manner that reflects the appropriate classification and description of financial information, and the form, arrangement, and content of the financial statements and their appended notes. This includes, for example, the terminology used, the amount of detail given, the classification of items in the statements, and the bases of amounts set forth. Evaluating the Sufficiency and Appropriateness of Audit Evidence (Ref: Para. 26-28) A56. An audit of financial statements is a cumulative and iterative process. As the auditor performs planned audit procedures, the audit evidence obtained may cause the auditor to modify the nature, timing or extent of other planned audit procedures. Information may come to the auditor’s attention that differs significantly from the information on which the risk assessment was based. For example, • The extent of misstatements that the auditor detects by performing substantive

procedures may alter the auditor’s judgment about the risk assessments and may indicate a significant deficiency in internal control.

• The auditor may become aware of discrepancies in accounting records, or conflicting or missing evidence.

• Analytical procedures performed at the overall review stage of the audit may indicate a previously unrecognised risk of material misstatement. 8

In such circumstances, the auditor may need to re-evaluate the planned audit procedures, based on the revised consideration of assessed risks for all or some of the classes of transactions, account balances, or disclosures and related assertions. SA 315 contains further guidance on revising the auditor’s risk assessment. A57. The auditor cannot assume that an instance of fraud or error is an isolated occurrence. Therefore, the consideration of how the detection of a misstatement affects the assessed risks of material misstatement is important in determining whether the assessment remains appropriate.

8 These changes have been made pursuant to the issuance of Standard on Auditing (SA) 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, which is effective for all audits of financial statements for periods beginning on or after April 1, 2010.



A58. The auditor’s judgment as to what constitutes sufficient appropriate audit evidence is influenced by such factors as the following: • Significance of the potential misstatement in the assertion and the likelihood of its having

a material effect, individually or aggregated with other potential misstatements, on the financial statements.

• Effectiveness of management’s responses and controls to address the risks. • Experience gained during previous audits with respect to similar potential misstatements. • Results of audit procedures performed, including whether such audit procedures

identified specific instances of fraud or error. • Source and reliability of the available information. • Persuasiveness of the audit evidence. • Understanding of the entity and its environment, including the entity’s internal control. Documentation (Ref: Para. 29) A59. The form and extent of audit documentation is a matter of professional judgment, and is influenced by the nature, size and complexity of the entity and its internal control, availability of information from the entity and the audit methodology and technology used in the audit.

MATERIAL MODIFICATIONS TO ISA 330, THE AUDITOR’S RESPONSES TO ASSESSED RISKS Deletion 1. Paragraph A17 of the Application Section of ISA 330 dealt with the application of the requirements of ISA 330 to the audits of public sector entities regarding the auditor’s consideration of the nature, timing and extent of further audit procedures. Since as mentioned in the “Preface to the Standards on Quality Control, Auditing, Review, Other Assurance and Related Services”, the Standards issued by the Auditing and Assurance Standards Board, apply equally to all entities, irrespective of their form, nature and size, a specific reference to applicability of the Standard to public sector entities has been deleted. Further, it is also possible that even in case of non-public sector entities the auditor may be required to give special considerations regarding the nature, timing and extent as a result of the terms of appointment of the auditor or any other special reporting requirement under the statute or regulation under which the entity operates. Accordingly, the spirit of erstwhile A17, highlighting the fact that in some cases, the auditor’s consideration of the nature, timing and extent of further audit procedures may be affected by the audit mandate or any other special auditing requirements, has been retained.


sa 320(revised materiality in planning and … · part i : engagement and quality control standards...

Documents